Incident Response

Effective threat assessment, forensic investigation and incident response.

REQUIRE URGENT INCIDENT RESPONSE?

Constantly evolving hacker tactics mean today’s Incident Response handlers must hunt for unknown or anomalous signs of breach that go beyond malware, without relying on ineffective signatures, traditional Indicators of Compromise (IOCs) or a well-defined starting point.

How can Secrutiny help?

When anomalous activity is identified, Secrutiny can provide remote and on-site investigation within hours of engagement to significantly reduce the impact of an incident on your organisation.

A two-phased approach is used to broadly examine the network as a whole to identify a much smaller set of ‘hosts of interest’ that are analysed more deeply in the second phase.

Secrutiny Incident Response Services Diagram

Phase One

The first phase consists of the collection of information from across the entire estate, which is baselined and analysed for usage patterns, statistical anomalies, user behaviour, and vulnerabilities to determine the scope of the incident and identify ‘hosts of interest’.

Phase Two

The ‘hosts of interest’ are examined in greater detail to determine misuse and the risk this threat poses to the organisation.

Step 1: Identify the use of each ‘host of interest’ and its criticality to the business.

Step 2: Utilise a forensically sound collection tool to gather relevant artefacts.

Step 3: Analyse the collected artefacts to create “the story behind the compromise and its activity”.

As new data and insights are learned, the investigation may expand to additional systems of interest and reiterate through the process. This process continues until full coverage of the threat has been discovered and examined.

Once the analysis has been completed, the results are presented back to the customer in the form of a report for review with the associated evidence and recommended remedial actions.


CASE STUDY

Discover how a top 100 UK law firm moved to a risk reduction security model after realising the importance of IT hygiene, policy enforcement and user education when they fell victim to a targeted attack.

Secrutiny were able to quickly establish the root cause of the attack, raising a level of confidence within our team that undoubtedly helped us achieve a successful outcome.

Head of IT
